[
https://issues.apache.org/jira/browse/TEZ-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14955703#comment-14955703
]
Siddharth Seth commented on TEZ-2886:
-------------------------------------
bq. In this case Tez logs for any tasks are not aggregated because only the AM
container has the necessary log aggregation filesystem token. Other containers
only have the DAG credentials
Did you mean "AM NodeManager" and "Other NodeManagers" ?
Unrelated to this jira: Does the RM end up obtaining tokens for this alternate
filesystem on behalf of the user ? (Is it running with proxy capabilities?)
It should be possible to run DAGs for different users within the same session -
since the credentials come in with each and every DAG. That's likely the reason
to keep the credentials separate - avoid leaking the AM user credentials to
potentially a different user.
To fix this, do we want to add an option to merge all credentials - or look for
specific ones to pull in from the AM credentials. The SessionToken may already
be special cased.
> Ability to merge AM credentials with DAG credentials
> ----------------------------------------------------
>
> Key: TEZ-2886
> URL: https://issues.apache.org/jira/browse/TEZ-2886
> Project: Apache Tez
> Issue Type: Improvement
> Affects Versions: 0.7.0
> Reporter: Jason Lowe
>
> Currently AM credentials are explicitly kept separate from DAG credentials,
> but this can cause problems when credentials are automatically added to the
> application as part of the submission process but outside of the client's
> knowledge. We need the ability for the AM's credentials to be merged with
> the DAG credentials so DAGs can pick up important credentials that were not
> submitted by the client.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
